NDSS17
A Large-scale Analysis of the Mnemonic Password Advice
Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps
A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations
Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis
Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code
Ramblr: Making Reassembly Great Again
BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
A Broad View of the Ecosystem of Socially Engineered Exploit Documents
Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps
ASLR on the Line: Practical Cache Attacks on the MMU
Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit
Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones
HOP: Hardware makes Obfuscation Practical
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation
Broken Hearted: How To Attack ECG Biometrics
DELTA: A Security Assessment Framework for Software-Defined Networks
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
A2C: Self Destructing Exploit Executions via Input Perturbation
Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity
USENIX2016
You are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors
Stealing Machine Learning Models via Prediction APIs
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
Towards Measuring and Mitigating Social Engineering Malware Download Attacks
Specification Mining for Intrusion Detection in Networked Control Systems
APISan: Sanitizing API Usages through Semantic Cross-checking
Undermining Entropy-based Information Hiding (And What to do About it)
zxcvbn: Low-Budget Password Strength Estimation
Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud
ARMageddon: Cache Attacks on Mobile Devices
Hidden Voice Commands
OblivP2P: An Oblivious Peer-to-Peer Content Sharing System
AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels
Trusted Browsers for Uncertain Times
Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos
One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
SGX-Enabled Oblivious Machine Learning
Poking Holes into Information Hiding
Off-Path TCP Exploits: Global Rate Limit Considered Dangerous
Request and Conquer: Exposing Cross-Origin Resource Size
Sigcomm
WebPerf: Evaluating What-If Scenarios for Cloud-hosted Web Applications
Taking the Blame Game out of Data Centers Operations with NetPoirot
Accurate Spear Phishing Campaign Attribution and Early Detection
Rich Cloud-Based Web Applications with CloudBrowser 2.0
Controlling the Elasticity of Web Applications on Cloud Computing
AsiaCCS
StormDroid: A Streaminglized Machine Learning-based System for Detecting Android Malware
Bilateral-secure Signature by Key Evolving
Efficient Authenticated Multi-Pattern Matching
Attestation Transparency: Building secure Internet services for legacy clients
Congesting the Internet with Coordinated And Decentralized Pulsating Attacks
Privacy and Utility of Inference Control Mechanisms for Social Computing Applications
StemJail: Dynamic Role Compartmentalization
Your Credentials Are Compromised, Do Not Panic: You Can Be Well Protected
DSN
Power-aware Checkpointing: Toward the Optimal Checkpointing Interval under Power Capping
A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity
Characterizing the Consistency of Online Services
Balancing Security and Performance for Agility in Dynamic Threat Environments
Specification Mining for Intrusion Detection in Networked Control Systems
CCS 2016
SmartWalk: Enhancing Social Network Security via Adaptive Random Walks
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence
Content Security Problems? Evaluating the Effectiveness of Content Security Policy in the Wild
CSP is Dead, Long Live CSP: On the Insecurity of Whitelists and the Future of the Content Security Policy
CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-World Websites
EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation
Generic Attacks on Secure Outsourced Databases
Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service